[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

SBS 2011 - Exchange 2010 - Delayed incoming email

Posted on 2013-12-11
14
Medium Priority
?
906 Views
Last Modified: 2014-02-11
Hey Guys

I've got a strange thing happening with some incoming emails from certain domains.
A user will send an email out at say 9.08am.
The email is received by the recipient within a minute or so.
The recipient emails back their reply 20min later say 9.27am.
But the doesn't receive the reply until 5.04pm that day.
This is happening in OWA as well as Outlook.

I have checked the connection logs for that time and I can't see any errors.

One thing I noticed in the receive logs is quite a few errors about "4.3.2 Service not available". Though those errors don't really occur at the same time as I'd expect the reply to come in.

Here is a screenshot of the log for one of the days that the issue occurred (however I think that looks like an issue with their printer):
receive connector log
Are there any other logs you would suggest looking at?
Do you think it's more likely the recipients exchange server?

Kind Regards
Aaron
0
Comment
Question by:moncomp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 4
14 Comments
 
LVL 6

Expert Comment

by:donnk
ID: 39713331
show the full email header for the one where you say the email hits your server at 9:27 but the server doesnt deliver it until 5:04
0
 

Author Comment

by:moncomp
ID: 39713370
Here is the email header info:

Received: from webhosting.x.x.x (x.x.x.x) by myexchangeserver.com
 (192.168.45.10) with Microsoft SMTP Server (TLS) id 14.1.438.0; Mon, 9 Dec
 2013 17:04:06 +0800
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=sendingserver.com;
      h=Received:From:To:References:In-Reply-To:Subject:Date:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:Content-Language:X-Source:X-Source-Args:X-Source-Dir;
      b=DHkmUqJqbh+bvV3zJkrw+uxqBYIeK3o9QaKRk1DbjDw9GpO75eWJvjUyNFJioQtsCGGfQqYJswecU4AVmx3SCzl2IXg+CHQ2SXyTyP/ciJ7Eeb53/HQQh/6t2qZ7Eqeo;
Received: from [x.x.x.x] (helo=userPC)      by webhosting.x.x.x with esmtpa
 (Exim 4.69)      (envelope-from <sender@sendersdomain.com>)      id
 1VpqYQ-0004Pd-Qn      for user@myexchangeserver.com; Mon, 09 Dec 2013 09:26:38
 +0700
From: Sender <sender@sendersdomaincom>
To: 'User' <user@myexchangeservercom>
References: <46B795CAF3E4BA49BF741C6B56B43391DFD01F@SERVER.local>
In-Reply-To: <46B795CAF3E4BA49BF741C6B56B43391DFD01F@SERVER.local>
Subject: RE: SENDERS SUBJECT
Date: Mon, 9 Dec 2013 09:26:38 +0700
Message-ID: <000901cef486$16f47e80$44dd7b80$@sendersdomain.com>
MIME-Version: 1.0
Content-Type: multipart/related;
      boundary="----=_NextPart_000_000A_01CEF4C0.C355C780"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQFi1XZufTGydSp2DdoKCVd2eZByYZsjYMZg
Content-Language: en-us
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - webhosting.x.x.x
X-AntiAbuse: Original Domain - myexchangeserver.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - sendersdomain.com
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path: sender@sendersdomain.com
X-MS-Exchange-Organization-AuthSource: SERVER.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EsetId: 56DCDF3D23A3BB2505918E
0
 
LVL 6

Expert Comment

by:donnk
ID: 39713384
ok so this his your mail server at  Mon, 09 Dec 2013 09:26:38, now show the tracking log from exchange toolbox for this email.

Also I see the header is being interfered with:

X-AntiAbuse      This header was added to track abuse, please include it with any abuse report

What is doing this ? Is your exchange box the MX record server or are you pulling email from another server ?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:moncomp
ID: 39713389
is this what you are after?
tracking log
0
 
LVL 6

Expert Comment

by:donnk
ID: 39713395
X-AntiAbuse  this looks to be the  issue. Where is it being applied ?
0
 

Author Comment

by:moncomp
ID: 39713405
Good question. That I'm not sure of. How do I track that down? Is that definitely going to be my end, not the recipients end?

Anti-Spam is disabled on the SBS 2011 Exchange server.
Could that be applied by the firewall?
0
 

Author Comment

by:moncomp
ID: 39713407
The server is set as the MX server, it's not using POP3 connector if that's what you meant.
0
 
LVL 6

Expert Comment

by:donnk
ID: 39713416
normally cpanel boxes add it, are these delayed mails always from the same people ?
0
 

Author Comment

by:moncomp
ID: 39713432
I think the user has only complained about two domains only.

I went back over the email history for the sender linked to the above logs.
There only seems to be X-AntiAbuse information attached to email when the email has is being replied to by the sender.

Here is the host that's doing it by the looks from the logs: X-AntiAbuse: Primary Hostname - webhosting.u.net.id

I think that's the senders domain. Maybe their email is housed in cpanel?
0
 
LVL 19

Expert Comment

by:Andrew Davis
ID: 39713435
okay the delay is from webhosting.x.x.x to you. I am going to assume that webhosting.x.x.x is the ISP or smart host being used by the sender, and it is getting bogged down with sending the mail.

to read headers a great tool is http://mxtoolbox.com/EmailHeaders.aspx

Simply paste the headers and it will give you a report that makes more sense.

Cheers
Andrew
0
 

Author Comment

by:moncomp
ID: 39713439
I'll send a query about this this to the IT admin department that manages the host and see what they think.

Many thanks for your help Andrew :)
0
 

Author Comment

by:moncomp
ID: 39713441
hey one thing I notice when I run the read header tool is the total delay is really long.
Total Delay:       23848 seconds
The delay is only showing on my exchange server side.

Do you think I should be concerned about that at all?
0
 

Accepted Solution

by:
moncomp earned 0 total points
ID: 39841061
Hey donnk

Found the issue with Fortigate support.
We updated the firmware to the latest version as their version was quite old.
But then we found someone had configured bandwidth management on all SMTP traffic. We removed and issue has not returned! :)
0
 

Author Closing Comment

by:moncomp
ID: 39849699
found a firewall configuration issue that resolved the problem.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question